A potential cybersecurity breach involving the Russell Township Police Department’s equipment led to a dispute between the police and the Geauga County Automatic Data Processing board at a Sept. 18 trustees meeting.
The township police department machines, including a mobile data terminal and a school resource officer laptop, were compromised earlier this month due to a potential breach from a Russian source, said Geauga County Auditor Chuck Walder, who sits on the ADP board, during the Russell Township Trustees regular meeting.
MDTs are used for running license plates, warrant checks and writing reports, said ADP Chief Deputy Administrator Frank Antenucci in a follow-up interview Sept. 19.
Walder brought five representatives from ADP to the Sept. 18 meeting to explain his concerns about the cybersecurity incident.
“I am tasked with safeguarding Geauga County’s network infrastructure and technology on a day-to-day basis, under the ADP board’s oversight,” Walder said in a Sept. 16 report sent to Russell officials.
Alerts came to ADP on Sept. 8 saying outside connections from Russia were trying to connect to these machines.
“So, before we could even do anything, that machine was shut down by the software that protects the rest of the network,” Antenucci said, adding he notified the Geauga County Sheriff’s Office — which manages those machines — of the incident within five minutes of it happening.
Russell Township Police Chief Tom Swaidner reached out to their vendor, Simvay Systems — a cybersecurity company out of Westlake — to see if it was true they were at risk.
Simvay said this type of traffic was normal.
ADP continued to disagree that the traffic was normal, Walder said in his report.
“(It) appears this is being used as a vehicle to force RPD into using ADP for their IT services,” said Kristoffer Oswald, co-founder of Simvay, in an email to Antenucci Sept. 9.
Antenucci said ADP cannot make money off of townships.
“The law requires us to break even or lose money, which we’re happy to do because it’s good for the taxpayers,” he added, regarding the possibility of ADP wanting money out of the situation.
Russell P.D. Email Shut Down
ADP blocked Russell police department’s email domain Sept. 8 because the school resource officer’s laptop was being affected by the same issue as the MDT, Antenucci said, adding ADP worried malicious sources might go through other emails and cause issues in the whole network.
“It has all the earmarks and issues of compromise that there could potentially be a breach, but we don’t know if there’s a breach or not because (Russell police) have not been very forthcoming with information,” Antenucci said. “So, if they provide us all this information … then we could make a better assessment. But right now, they haven’t communicated that, so we just don’t know … Geauga County is totally secure, we just don’t know about the Russell police domain.”
Swaidner said he was never notified their email domain was being shut off and later asked for ADP to unblock it.
“I believe you will find enough supportive evidence to show that the precautionary action has well passed,” Swaidner said in an email to ADP Sept. 12. “(The domain block) has created substantial interference with law enforcement operations … I believe the burden of proof has been well established that the russellpolice.com domain has been and remains to be safe and no supportive documentation has been (shown) to prove otherwise.”
Russell police department has had a hard time communicating with the Geauga County courts, Geauga County law enforcement departments, the Geauga County Prosecutor’s Office and Russell Township officials because of the domain shutdown, the chief added.
The department could have created a new email through Gmail, Hotmail or other avenues to communicate, Walder replied to Swaidner.
Inadequate Report Delays Restoration Efforts
Russell police department’s lack of communication with ADP about the incident is what has caused the hold-up in reinstating its email domain, both Antenucci and Walder said.
ADP requires entities to fill out a form detailing the issue and its sources. Swaidner did so, Walder said, but he replied with “NA” for most of the responses, which is not an option for any of the questions.
“The sections intended to document what actually happened and how it was fixed are largely answered ‘not applicable,’ including: phishing sender, phishing URL, additional information/IOCs and other remediation details,” ADP said in its report. “This fails to provide the minimum evidence needed to validate containment/eradication.”
The data on the report was invalid, Walder added.
“(The form) basically said, ‘There’s no issues, unblock us,’” Antenucci said. “No, (Russell police department needs) to provide us actual information and technical overview type stuff so we can make that determination on our own.”
As a result, ADP has not reinstated the police department’s email domain.
As of Sept. 22, neither the police department nor Simvay has returned a new complete form to ADP.
Conditions from ADP
Trustees urged Walder to wrap up his talk, which lasted an hour, so they could get on with other business, and indicated they plan to have Swaidner work with Simvay to complete the form correctly.
“This is in the hands of Simvay, they’re working on it,” Trustee Chris Hare said. “It is understood that both these forms are conditions for the release of the domain … I’m keeping as close an eye on it that this gets to you.”
This won’t be another problem again for another five to seven years when the MDTs run out of life, Swaidner said.
“We’re here kind of as a courtesy, really … At the end of the day … our main and sole job is to protect the county’s network and the county’s resources,” Geauga Auditor’s Office Chief Compliance Officer and Administrator Kate Jacob said at the meeting. “Sometimes, there’s a built-in inconvenience that may be involved with that safeguard, but that’s our role. It’s not to make it easier for suspect machines to get back online.”
When asked why Russell police department is not including ADP for its IT services, Swaidner said that decision is based on trust.
“I think it is built on trust, knowing that they’re providing a good service and that what their recommendations are are going to be built on trust,” he said. “We haven’t had any issues.”
ADP gave Russell police a list of conditions that need to be met before their email domain is unblocked, including the root cause, phishing sources, measures to mitigate the issue and acknowledgment from Simvay the issue won’t happen again.
“I need to make sure the rest of the county doesn’t go down,” Walder said. “Nothing would be worse than if whatever is happening in Russell spreads through … every entity in the county.”











